Just a suggestion: instead of emailing an account .. why not add an option for TOTP (Time-based One Time Password) auth?
Means the user will have to generate backup codes, and use a TOTP app but it is really quite secure and becoming more commonplace these days.
Thanks!
Means the user will have to generate backup codes, and use a TOTP app but it is really quite secure and becoming more commonplace these days.
Thanks!